// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "HierarchyChangeAuth_fp.h"
#include "Object_spt_fp.h"
//
//
//     Error Returns                     Meaning
//
//     TPM_RC_SIZE                       newAuth size is greater than that of integrity hash digest
//
TPM_RC
TPM2_HierarchyChangeAuth(
   HierarchyChangeAuth_In    *in                    // IN: input parameter list
   )
{
   TPM_RC       result;

   // The command needs NV update. Check if NV is available.
   // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
   // this point
   result = NvIsAvailable();
   if(result != TPM_RC_SUCCESS) return result;

   // Make sure the the auth value is a reasonable size (not larger than
   // the size of the digest produced by the integrity hash. The integrity
   // hash is assumed to produce the longest digest of any hash implemented
   // on the TPM.
   if( MemoryRemoveTrailingZeros(&in->newAuth)
           > CryptGetHashDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
       return TPM_RC_SIZE + RC_HierarchyChangeAuth_newAuth;

   // Set hierarchy authValue
   switch(in->authHandle)
   {
   case TPM_RH_OWNER:
       gp.ownerAuth = in->newAuth;
       NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
       break;
   case TPM_RH_ENDORSEMENT:
       gp.endorsementAuth = in->newAuth;
       NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
       break;
   case TPM_RH_PLATFORM:
       gc.platformAuth = in->newAuth;
       // orderly state should be cleared
       g_clearOrderly = TRUE;
       break;
   case TPM_RH_LOCKOUT:
       gp.lockoutAuth = in->newAuth;
       NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
       break;
   default:
       pAssert(FALSE);
       break;
   }

   return TPM_RC_SUCCESS;
}